Chat now with support
지원 담당자와 채팅

Identity Manager Data Governance Edition 8.1.1 - Technical Insight Guide

Introduction Data Governance Edition Network Communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Get-QResourceSecurity

Returns the security descriptor for a given resource in the SSDL format.

Syntax:

Get-QResourceSecurity [-ResourceUri] <String> [-ResType] <String> [-DomainDNSName] <String> [[-NoSACL] [<SwitchParameter>]] [[-NoDACL] [<SwitchParameter>]] [[-NoOwner] [<SwitchParameter>]] [[-NoGroup] [<SwitchParameter>]] [<CommonParameters>]

Table 223: Parameters
Parameter Description
ResourceUri Specify the path to the resource for which you want the security descriptor.
ResType

Specify the type of resource in question:

  • adminrights
  • localosrights
  • files
  • folders
  • shares
DomainDNSName Specify the DNS domain name of the domain where the managed host with the resource in question resides.
NoSACL

(Optional) Specify this parameter if you do not want to return the SACL information in the SDDL.

If this parameter is not specified, the SACL information will be included.

NoDACL

(Optional) Specify this parameter if you do not want to return the DACL information in the SDDL.

If this parameter is not specified, the DACL information will be included.

NoOwner

(Optional) specify this parameter if you do not want to return the Owner information in the SDDL.

If this parameter is not specified, the owner information will be included.

NoGroup

(Optional) Specify this parameter if you do not want to return the group information in the SDDL.

If this parameter is not specified, the group information will be included.

Examples:
Table 224: Examples
Example Description

Get-QResourceSecurity -ResourceUri "\\QAMAUTOMem1\c$\autoroot\test_folder" -ResType Folders -DomainDNSName QAMAUTO.QC.HAL.CA.QSFT

Returns the security descriptor for the specified resource on QAMAUTOMem1 in the specified domain.

Set-QResourceSecurity

Sets or updates the security on a given resource to the specified security descriptor.

Note: The existing security descriptor is completely replaced.

Syntax:

Set-QResourceSecurity [-SDDL] <String> [-ResourceUri] <String> [-ResType] <String> [-DomainDNSName] <String> [-HostDownLevelName] <String> [<CommonParameters>]

Table 225: Parameters
Parameter Description
SDDL Specify the security descriptor (SDDL format) to be set.
ResourceUri Specify the path to the resource that you want to set the security for.
ResType

Specify the resource type of the resource to have its security descriptor set. Valid values are:

  • adminrights
  • localosrights
  • files
  • folders
  • shares
DomainDNSName Specify the DNS name of the resource's domain.
HostDownLevelName Specify the downlevel name of the host where the resource resides.
Examples:
Table 226: Examples
Example Description

Set-QResourceSecurity -SDDL "O:BAG:DUD:AI(A;;FA;;;BA)(A;OICIID;FA;;;BA)(A;OICIID;FA;;;SY)(A;OICIIOID;GA;;;CO) (A;OICIID;0x1200a9;;;BU)(A;CIID;LC;;;BU)(A;CIID;DC;;;BU)S:PAI" -ResourceUri "\\QAMAUTOMem1\c$\autoroot\test_folder" -ResType Folders -DomainDNSName QAMAUTO.QC.HAL.CA.QSFT -HostDownLevelName QAMAUTOMem1

Sets the security on the specified resource to the specified SDDL on the computer qamautomem1 in the domain qamauto.qc.hal.ca.qsft.

Governed data management

Governing unstructured data allows you to manage data access, preserve data integrity, and provide content owners with the tools and workflows to manage their own data.

The following commands are available to you to manage governed data. For full parameter details and examples, click a command hyperlink in the table or see the command help, using the Get-Help command.

Table 227: Governed data management commands

Use this command

If you want to

Get-QDataUnderGovernance

View the data within your organization that has been placed under governance. Data is considered “governed” when it has been explicitly placed under governance or published to the IT Shop.

For more information, see Get-QDataUnderGovernance.

Get-QPerceivedOwnerPoI

View the name of the perceived owner for the specified governed resource. You can use the calculated perceived owners to identify potential business owners for data within your environment.

For more information, see Get-QPerceivedOwnerPol.

Get-QSelfServiceClientConfiguration

View the options that are available for self-service requests within the IT Shop.

For more information, see Get-QSelfServiceClientConfiguration.

Get-QSelfServiceMethodsToSatisfyRequest

View the group membership that is required to satisfy an access request.

When employees request access to a resource, an approval workflow is put into action. Before the request for resource access can be granted, the business owner must select a group to which that employee could be added to fulfill their request.

For more information, see Get-QSelfServiceMethodsToSatisfyRequest.

NOTE: This PowerShell cmdlet does not support NFS or Cloud resources (since these types of resources cannot be published to the IT Shop).

Remove-QDataUnderGovernance

Remove data from governance.

NOTE: Removing a resource from governance, also removes it from the IT Shop.

For more information, see Remove-QDataUnderGovernance.

Set-QBusinessOwner

Set the business owner on a governed resource to establish a custodian for data. The business owner should be an employee who understands the nature of the data and the list of authorized users. Ownership can be established for an individual employee or for all employees in an application role.

For more information, see Set-QBusinessOwner.

Set-QDataUnderGovernance

Place a resource under governance. Once data is “governed”, the Data Governance server periodically queries the agent responsible for scanning that data and retrieves detailed security information concerning it and any child data. The data is then placed in the central database to be used by policies and attestations.

You can also use this command to set the business owner on governed resources to establish a custodian for data. The business owner should be an employee who understands the nature of the data and the list of authorized users. Ownership can be established for an individual employee or for all employees in an application role.

For more information, see Set-QDataUnderGovernance.

Set-QSelfServiceClientConfiguration

Set the options that are available for self-service requests within the IT Shop.

For more information, see Set-QSelfServiceClientConfiguration.

Trigger-QDataUnderGovernanceCollection

Trigger data collection for governed resources for a given managed host.

For more information, see Trigger-QDataUnderGovernanceCollection.

Upgrade-QDataUnderGovernanceRecords

Upgrade the format of existing governed data in the database after an upgrade from version 6.1.1 or earlier.

NOTE: This is a requirement for upgrading to version 6.1.2 or 6.1.3.

For more information, see Upgrade-QDataUnderGovernanceRecords.

Get-QDataUnderGovernance

Retrieves the data within your organization that has been placed under governance.

Syntax:

Get-QDataUnderGovernance [[-ResourcePath] [<String>]] [[-ManagedHostId] [<String>]] [[-MaxResults] [<Int32>]] [<CommonParameters>]

Table 228: Parameters
Parameter Description
ResourcePath

Specify the path to a particular resource under governance.

If this parameter is not specified, all resources under governance on the specified managed host are returned.

NOTE: Either the ResourcePath or ManagedHostId parameter must be specified.
ManagedHostId

Specify the ID (GUID format) of the managed host you are interested in.

NOTE: Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of available managed hosts and their IDs.

NOTE: Either the ResourcePath or ManagedHostId parameter must be specified.
MaxResults

(Optional) Specify the maximum number of results to be returned.

If this parameter is not specified, all results are returned.

Examples:
Table 229: Examples
Example Description
Get-QDataUnderGovernance -ResourcePath \\QAMAUTOMEM1\C$\AutoRoot\DuG\Folder1 Returns the data under governance object for the resource specified.
Details retrieved:
Table 230: Details retrieved
Detail Description (Associated key or property in QAMDuG table)
ManagedHostId Value (GUID) assigned to the managed host computer.
IsForITShop Indicates if the resource is available for requests through the IT Shop.
DatePublishedToITShop The date (UTC) when the resource was published to the IT Shop.
IsPublishable Indicates that the resource is able to be published to the IT Shop.
IsPointOfInterest Indicates that a point of interest was intentionally placed under governance.
RequiresOwnership Indicates that the resource requires that an owner be assigned.
DisplayName Name of the governed resource.
DisplayPath Path and name of the governed resource.
Description Descriptive information entered for the governed resource.
FullPath Full path of the governed resource.
FullPathHashSHA1 Hash value over the full path for unique identification.
Justification The reason for assigning this owner to the resource.
OwnershipSetBy Name of the account that set the owner.
PlacedUnderGovernanceBy Name of the account that placed the resource under governance.
RiskIndex Calculated risk index of all assignments to this data.
ActivityResourceId The value that relates the roots in this database to data in the Data Governance activity resource database.
DateOwnershipSet The date (UTC) when the ownership of the resource was set.
UID_QAMDuG The identifier assigned to the governed resource by Data Governance Edition.
IsStale Indicates whether the resource was renamed or deleted.
LastEncounteredTime The time detailed security information was successfully collected.
PersonOwnerKey If you have assigned a person as the business owner of this resource, this is the primary key of that person.
PersonOwnerDisplay If a person is assigned as the business owner, the name of that employee.
RoleOwnerKey If you have assigned a role as the business owner of this resource, this is the primary key of that role.
RoleOwnerDisplay If an application role is assigned as the business owner, the name of that application role.
ResourceType The governed data type.
ManagedHostName The name of the managed host computer.
UseBackingFolderSecurity Indicates to use the backing folder of a share.
LastPoiCollection The date (UTC) when the POI was last collected.
LastPoiSubmission The date (UTC) when the POI was last submitted.
Security The security used for governance. (SecurityForGovernance)
ClassificationLevelId If a classification level is assigned, the identifier assigned to the classification level. (UID_QAMClassificationLevelMan Value)
ClassificationLevelName If a classification level is assigned, the name assigned to the classification level. (UID_QAMClassificaitonLevelMan)
관련 문서